Agencies can get relief from social-launched attacks

By Dibya Sarkar

Mar 20, 2014

MTN Government, a subsidiary of satellite communications provider MTN, recently unveiled a managed service and platform to help federal agencies identify and combat threats arising from social networking sites.

The Leesburg, Va.,-based company has partnered with cybersecurity firm ZeroFOX, which developed analytics software to identify threats that use social media sites and the source of such attacks.

Peg Grayson, president of MTN Government, said organizations traditionally focus their cybersecurity defenses on firewalls and other points on the network perimeter.

But as government agencies expand the use of social media – especially through mobile devices – they’re seeing new threats from hackers who are increasingly using sites like Facebook, LinkedIn and Twitter to launch cyberattacks.

Grayson said such attacks typically target an individual. For example, hackers could create a “mirror image evil twin” of a high-ranking military officer’s social profile and personal information to disseminate compromising information.

How it works

Through a series of mathematical tools and other algorithms, the ZeroFOX platform program looks beyond the network firewall to analyze and evaluate information directed through the social media site. Essentially, it can separate true signatures or individual patterns from the false ones.

The platform flags a fraudulent profile (or even a valid account that has been compromised) and through a Web-based portal alerts an agency’s information security team and provides relevant details and data.

An agency itself or MTN Government, which provides a hosted service, would then work with the social networking company to remove the profile. If the profile distributed malware, then technical threat details would be integrated into an agency’s existing firewall or Web filter to block further attacks.

The ZeroFOX platform can also identify a malware phishing campaign that targets a large number of employees within an agency, according to MTN. In that case, an agency is alerted to the attack and given relevant data needed to prevent a system-level infection.

Since cyberattackers often mask where their information is coming from, the platform can rapidly sift through multiple layers of IP addresses and different servers to identify the original source of an attack, Grayson said. The platform would provide technical details, including the IP address, URL and other data points that could be integrated into existing security technologies to defend against the attack.

Grayson said larger agencies typically already have the hardware needed for running such programs and therefore can just license the software while MTN trains staff on the analytical tools. This includes identifying signatures, reading and analyzing threats and using search capabilities to identify a source of an attack. It takes about an hour to get an agency up and running with the software, she added. But MTN also provides a managed service, which monitors an organization’s network through its own data center and then provides information about potential social media threats.

Grayson said the platform is being used by enterprise and government clients, but declined to identify them.